Privacy Policy

§1 General Provisions

  1. This document constitutes an appendix to the Terms and Conditions. By using our services, you entrust us with your information. This Privacy Policy is intended to help you understand what information and data we collect and for what purpose we use them. These data are very important to us, so we ask you to carefully read this document, as it sets out the rules and methods for processing and protecting personal data. This document also specifies the principles of using “Cookies.”

  2. We hereby declare that we comply with personal data protection rules and all legal regulations provided for by the Personal Data Protection Act and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).

  3. Any individual whose personal data are processed has the right to contact us to obtain comprehensive information on how we use their personal data. We always strive to clearly explain what data we collect, how we use it, for what purposes, to whom it is transferred, the level of protection provided during transfer to third parties, and the institutions to contact in case of any doubts.

  4. The Service applies technical measures such as: physical protection of personal data, IT and telecommunications infrastructure security, protection within software tools and databases, and organizational measures to ensure proper protection of processed personal data, particularly to safeguard against unauthorized access, unauthorized use, accidental or intentional modification, loss, damage, or destruction of such data.

  5. Under the Terms and Conditions and this document, we have exclusive access to personal data. Access may also be granted to entities that handle payments, process and store personal data according to their regulations, or entities responsible for fulfilling orders. Access is provided only to the extent necessary to perform these services.

  6. Personal data are processed only for purposes for which you have given consent by ticking the appropriate boxes in the Service’s forms or in another explicit manner. The legal basis for processing your personal data is either your consent or the necessity to perform a service (e.g., ordering a product or service) under Article 6(1)(a) and (b) of the GDPR.

§2 Privacy Principles

  1. We take privacy seriously. We respect privacy and ensure the utmost convenience when using our services.

  2. We value the trust users place in us by providing their personal data for order fulfillment. We always use personal data fairly and only to the extent necessary to complete the order and related processing.

  3. Users have the right to clear and full information about how we use their personal data and for what purposes. We always clearly inform users about the data we collect, how and to whom it is transferred, and provide information about entities to contact with questions or concerns.

  4. In case of doubts regarding the processing of users’ personal data, we promptly take action to clarify them and respond thoroughly to all questions.

  5. We take all reasonable measures to protect users’ data from improper or uncontrolled use and ensure comprehensive security.

  6. The Data Controller’s contact details are available under the “Contact” section of the website.

  7. The legal basis for processing your personal data is Article 6(1)(b) GDPR. Providing data is not mandatory but necessary for performing pre-contractual actions and contract fulfillment. Personal data may be transferred to other recipients processing data on our behalf. Data may be transferred outside the European Economic Area (EEA), subject to standard contractual clauses or Privacy Shield safeguards where applicable.

  8. Personal data related to the execution of a contract will be stored for the duration of the contract and as long as required by law, including the Civil Code and accounting regulations, but no longer than 10 years from the end of the calendar year in which the last contract was executed.

  9. Personal data for future contracts will be processed until objection is raised.

  10. Users have the right to: access their personal data and obtain a copy, correct inaccuracies, request deletion (right to be forgotten), request restriction of processing, object to processing, and data portability for automated processing.

  11. Complaints regarding unlawful processing may be submitted to the supervisory authority (Personal Data Protection Office, ul. Stawki 2, Warsaw).

  12. We take all measures to protect information from unauthorized access, modification, disclosure, or destruction, including physical, technical, and organizational safeguards.

  13. We comply with all applicable data protection laws and cooperate with supervisory authorities and law enforcement.

  14. Detailed information on data protection measures is included in the internal data security policy (for inspection only by authorized regulatory bodies).

  15. Questions regarding personal data processing can be submitted via the website from which the user accessed this Privacy Policy.

  16. Users may always notify us if they:

a) no longer wish to receive communications from us;
b) want a copy of their personal data;
c) wish to update or delete their personal data;
d) wish to report breaches or misuse of their personal data.

  1. To facilitate responses, please provide your full name and relevant details.

§3 Scope and Purpose of Personal Data Collection

  1. We process necessary personal data for service provision and accounting purposes, including:

    a) order placement;
    b) contract conclusion, complaints, and withdrawal from contracts;
    c) issuing VAT invoices or receipts;
    d) monitoring website traffic;
    e) collecting anonymous statistics for user behavior analysis;
    f) tracking anonymous users;
    g) analyzing content engagement;
    h) monitoring service usage;
    i) newsletter subscriptions;
    j) personalized e-commerce recommendations;
    k) email and phone communication;
    l) social media integration;
    m) online payments.

  2. Collected data include: full name, address, delivery address, tax ID (NIP), email, phone number, date of birth, PESEL, browser information, and other voluntarily provided data.

  3. Providing this data is voluntary but necessary for full service execution.

  4. Data may also be used for direct marketing and legal obligations.

  5. Data may be transferred to servers outside the user’s country or to third parties within the EEA or beyond, in compliance with applicable law.

  6. Data are retained only as long as necessary for service quality and legal obligations.

  7. In some countries, the level of data protection may differ. Authorities in those countries may access data in accordance with local law.

§4 Cookies Policy

  1. Cookies are small text files stored on the user’s device to collect information about website usage. They include session cookies (deleted upon logout/closing browser) and persistent cookies (stored for a set period).

  2. Cookies optimize website experience, maintain sessions, and improve security.

  3. We use cookies to:

    a) optimize site usage;
    b) identify logged-in users;
    c) adapt content to user preferences;
    d) remember form and login data;
    e) collect anonymous statistics via Google Analytics;
    f) create remarketing lists;
    g) create data segments based on demographics and interests;
    h) use demographic/interest data in Analytics reports.

  4. Users can block or delete cookies via their browser at any time.

  5. Blocking cookies may limit some website functionality.

  6. Users may manually delete cookies. Browser-specific instructions are available on the respective browser manufacturer’s website.

  7. Examples of browsers supporting cookies: Internet Explorer, Chrome, Firefox, Opera, Safari, Android, Blackberry, iOS (Safari), Windows Phone.

§5 Rights and Obligations

  1. We may provide personal data to public authorities or third parties as legally required.

  2. Users have the right to access, correct, supplement, delete, or stop processing their data at any time.

  3. Data processing for clients is based on: legitimate interest, consent (including marketing), contract execution, or legal obligation.

  4. Data processing for potential clients is based on legitimate interest or consent.

  5. Requests to delete or stop processing data may limit service functionality.

  6. Profiling uses encrypted data (e.g., email, IP, cookies) for personalized marketing and preference analysis.

  7. We comply with all applicable laws and social norms.

  8. Information on out-of-court consumer dispute resolution: Financial Ombudsman: www.rf.gov.pl.

§6 Basic Security Principles

  1. Users must ensure their devices are secure (antivirus, firewall, updated software).

  2. Access credentials (login, passwords, PINs, certificates) must be securely stored.

  3. Be cautious with unexpected email attachments/links.

  4. Use anti-phishing tools in browsers.

  5. Download files only from trusted sources.

  6. Secure Wi-Fi with strong passwords and encryption (e.g., WPA2).

§7 Social Media Plugins

  1. Plugins from social networks (Facebook, X) may be present.

  2. Facebook: Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. Plugin info

  3. X (formerly Twitter): X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Plugin info

  4. Plugins may send information about user visits to these platforms.

  5. More information: Facebook PrivacyX Privacy

  6. To avoid tracking, log out of social media accounts before visiting our website.

Copyright Notice

All copyright to this Privacy Policy template belongs to LEGATO Legal Office. Unauthorized copying or distribution is prohibited and may incur civil or criminal liability.